Hallo zusammen,
ich benötige eure Hilfe.
Ich habe hier einen RHEL Clone x86_64 (ähnlich wie Centos 4.3).
proftpd ist Version 1.2.10 aus Dag's Repo.
Problem:
Ich kann mich mit einem am System angelegten User nicht anmelden.
Der Login an der shell selbst geht ohne Problem.
Ich hatte früher einmal das Problem, dass es in älteren x86_64-Versionen Schwierigkeiten mit "pam" gab,
aber das scheint hier nicht der Fall zu sein.
Hier das debug.log
[root@vm-sv1 etc]# proftpd -n -d6
- mod_tls/2.0.7: using OpenSSL 0.9.7a Feb 19 2003
- parsing '/etc/proftpd.conf' configuration
- <IfModule>: skipping 'mod_delay.c' section
- <IfModule>: found 'mod_tls.c' module
- dispatching auth request "getpwnam" to module mod_auth_file
- dispatching auth request "getpwnam" to module mod_auth_unix
- dispatching auth request "getgrnam" to module mod_auth_file
- dispatching auth request "getgrnam" to module mod_auth_unix
- <IfModule>: found 'mod_sql.c' module
- Compiling deny regex '\*.*/'.
- Allocated deny regex at location 0x6b24e0.
- <Directory /daten/VM-Maschinen/>: adding section for resolved path '/daten/VM-Maschinen'
vm-sv1.feltengmbh.de -
vm-sv1.feltengmbh.de - Config for TestFTP:
vm-sv1.feltengmbh.de - PidFile
vm-sv1.feltengmbh.de - RootRevoke
vm-sv1.feltengmbh.de - DefaultServer
vm-sv1.feltengmbh.de - /daten/VM-Maschinen
vm-sv1.feltengmbh.de - Limit
vm-sv1.feltengmbh.de - AllowUser
vm-sv1.feltengmbh.de - DenyAll
vm-sv1.feltengmbh.de - RootRevoke
vm-sv1.feltengmbh.de - UseFtpUsers
vm-sv1.feltengmbh.de - RequireValidShell
vm-sv1.feltengmbh.de - MaxClientsPerHost
vm-sv1.feltengmbh.de - DisplayLogin
vm-sv1.feltengmbh.de - DisplayFirstChdir
vm-sv1.feltengmbh.de - AllowOverride
vm-sv1.feltengmbh.de - TimeoutSession
vm-sv1.feltengmbh.de - DenyFilter
vm-sv1.feltengmbh.de - ListOptions
vm-sv1.feltengmbh.de - UseGlobbing
vm-sv1.feltengmbh.de - ShowSymlinks
vm-sv1.feltengmbh.de - TimesGMT
vm-sv1.feltengmbh.de - AllowOverwrite
vm-sv1.feltengmbh.de - AllowRetrieveRestart
vm-sv1.feltengmbh.de - HiddenStores
vm-sv1.feltengmbh.de - DeleteAbortedStores
vm-sv1.feltengmbh.de - AllowStoreRestart
vm-sv1.feltengmbh.de - Umask
vm-sv1.feltengmbh.de - DirUmask
vm-sv1.feltengmbh.de - WtmpLog
vm-sv1.feltengmbh.de - TransferLog
vm-sv1.feltengmbh.de - Limit
vm-sv1.feltengmbh.de - DenyGroup
vm-sv1.feltengmbh.de - IgnoreHidden
vm-sv1.feltengmbh.de - UserID
vm-sv1.feltengmbh.de - UserName
vm-sv1.feltengmbh.de - GroupID
vm-sv1.feltengmbh.de - GroupName
vm-sv1.feltengmbh.de - ServerIdent
vm-sv1.feltengmbh.de - DeferWelcome
vm-sv1.feltengmbh.de - DisplayConnect
vm-sv1.feltengmbh.de - IdentLookups
vm-sv1.feltengmbh.de - UseFtpUsers
vm-sv1.feltengmbh.de - RequireValidShell
vm-sv1.feltengmbh.de - TimeoutLogin
vm-sv1.feltengmbh.de - MaxLoginAttempts
vm-sv1.feltengmbh.de - MaxClientsPerHost
vm-sv1.feltengmbh.de - AuthOrder
vm-sv1.feltengmbh.de - PassivePorts
vm-sv1.feltengmbh.de - DisplayLogin
vm-sv1.feltengmbh.de - DisplayFirstChdir
vm-sv1.feltengmbh.de - AllowOverride
vm-sv1.feltengmbh.de - TimeoutIdle
vm-sv1.feltengmbh.de - TimeoutNoTransfer
vm-sv1.feltengmbh.de - TimeoutStalled
vm-sv1.feltengmbh.de - TimeoutSession
vm-sv1.feltengmbh.de - DefaultRoot
vm-sv1.feltengmbh.de - DenyFilter
vm-sv1.feltengmbh.de - ListOptions
vm-sv1.feltengmbh.de - UseGlobbing
vm-sv1.feltengmbh.de - ShowSymlinks
vm-sv1.feltengmbh.de - TimesGMT
vm-sv1.feltengmbh.de - AllowOverwrite
vm-sv1.feltengmbh.de - AllowRetrieveRestart
vm-sv1.feltengmbh.de - HiddenStores
vm-sv1.feltengmbh.de - DeleteAbortedStores
vm-sv1.feltengmbh.de - AllowStoreRestart
vm-sv1.feltengmbh.de - Umask
vm-sv1.feltengmbh.de - DirUmask
vm-sv1.feltengmbh.de - DebugLevel
vm-sv1.feltengmbh.de - ServerLog
vm-sv1.feltengmbh.de - WtmpLog
vm-sv1.feltengmbh.de - TransferLog
vm-sv1.feltengmbh.de - ExtendedLog
vm-sv1.feltengmbh.de - ExtendedLog
vm-sv1.feltengmbh.de - ExtendedLog
vm-sv1.feltengmbh.de - dispatching auth request "getgroups" to module mod_auth_file
vm-sv1.feltengmbh.de - dispatching auth request "getgroups" to module mod_auth_unix
vm-sv1.feltengmbh.de - ProFTPD 1.2.10 (stable) (built Fri Feb 10 17:30:26 CET 2006) standalone mode STARTUP
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session requested from unknown class
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - AuthOrder in effect, resetting auth module order
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - ident lookup disabled
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - connected - local : 192.168.1.113:21
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - connected - remote : 192.168.1.68:3753
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session opened.
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_tls
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_core
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_core
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_auth
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching CMD command 'USER vmuser' to mod_auth
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getgroups" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD command 'USER vmuser' to mod_log
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching CMD command 'PASS (hidden)' to mod_auth
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getgroups" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getpwnam" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "gid_name" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - USER vmuser (Login failed): Limit access denies login
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP login timed out, disconnected
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session closed.
Übrigens: Obwohl der DebugLevel in der *.conf angegeben ist, loggt er nicht in die Datei.
Hier meine proftpd.conf:
# ProFTPD configuration for the standalone server "TestFTP".
# Derived from the stock sample file ("rename it to 'proftpd.conf' for actual
# use"). The sample text mentions an anonymous login, but the <Anonymous>
# section in this file is commented out, so only authenticated logins apply.
ServerName TestFTP
ServerType standalone
PidFile /var/run/proftpd.pid
# Connection throttling: at most 30 child processes and 4 new connections
# per second.
MaxInstances 30
MaxConnectionRate 4
SocketBindTight off
UseReverseDNS off
# Drop root privileges for good once a user has logged in.
RootRevoke on
DefaultServer on
MultilineRFC2228 on
# mod_delay evens out login timing so response times do not reveal which
# user names exist. The startup output reports this section as skipped
# ("skipping 'mod_delay.c' section"), and DelayEngine is set to off anyway.
<IfModule mod_delay.c>
DelayEngine off
#DelayTable var/run/proftpd/proftpd.delay
</IfModule>
# NOTE(review): SSLv23 is the compatibility setting and still permits SSLv3,
# which is obsolete. No "TLSEngine on" is active anywhere in this file, so the
# setting currently has no effect. The startup output shows mod_tls 2.0.7 on
# OpenSSL 0.9.7a (Feb 2003); plan an upgrade before relying on TLS here.
<IfModule mod_tls.c>
TLSProtocol SSLv23
</IfModule>
# Define log formats
# SystemLog NONE turns off the syslog-style system log; the file-based logs
# are configured in the logging part of <Global>.
SystemLog NONE
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# --------------------------------------------
# Global settings (shared by the main server and any virtual hosts)
# --------------------------------------------
<Global>
# Unprivileged account the daemon runs as when it is not acting for a
# logged-in user.
User nobody
Group nobody
# --------------------------------------------
# Login
# --------------------------------------------
# A fixed banner text plus DeferWelcome keep product and version details out
# of the greeting shown before authentication.
ServerIdent on "FTP server ready."
DeferWelcome on
DisplayConnect /etc/proftpd.msg
IdentLookups off
# NOTE(review): with both checks below switched off, /etc/ftpusers and
# /etc/shells no longer filter accounts, so the <Limit LOGIN> group rule is
# the main gate on which system accounts may use FTP.
UseFtpUsers off
RequireValidShell off
TimeoutLogin 60
MaxLoginAttempts 3
MaxClientsPerHost 3
# --------------------------------------------
# Authentication: default (system accounts via mod_auth_unix)
# --------------------------------------------
# The startup dump on this page lists AuthOrder and a Limit/DenyGroup entry,
# so this section is in effect in the running server.
<IfModule !mod_sql.c>
AuthOrder mod_auth_unix.c
# Denies login to every account that is NOT a member of group testftpuser.
# NOTE(review): the debug output ends with "Limit access denies login" for
# vmuser, which is what this rule produces when the user is not in that
# group. Check the account's group membership (e.g. `id vmuser`) before
# loosening the rule.
<Limit LOGIN>
DenyGroup !testftpuser
IgnoreHidden on
</Limit>
</IfModule>
# --------------------------------------------
# Authentication via SQL (disabled)
# --------------------------------------------
# NOTE(review): if this block is ever enabled, "SQLAuthTypes Plaintext" means
# passwords are stored unhashed in the database, and SQLConnectInfo puts the
# database credentials into this file. Prefer a hashed auth type and keep
# the file readable by root only.
#<IfModule mod_sql.c>
#AuthOrder mod_sql.c
#SQLConnectInfo db@localhost sqluser pass
#SQLUserInfo ftp userid passwd uid gid homedir NULL
#SQLAuthTypes Plaintext
#SQLAuthenticate users
#SQLMinUserUID 1024
#SQLMinUserGID 555
#SQLNegativeCache on
#</IfModule>
# --------------------------------------------
# TLS defaults (disabled)
# --------------------------------------------
# NOTE(review): everything in this section is commented out and no other
# "TLSEngine on" is active in the file, so control and data channels are
# unencrypted and the USER/PASS exchange crosses the network in cleartext.
#<IfModule mod_tls.c>
#TLSEngine off
#TLSTimeoutHandshake 60
#TLSRequired off
#TLSVerifyClient off
#TLSOptions NoCertRequest
#TLSLog /var/log/proftpd/tls.log
# TLSCACertificateFile /etc/ssl/certs/CA.cert # CA-Cert optional
#</IfModule>
# --------------------------------------------
# Post-Login, Timeouts
# --------------------------------------------
# Passive-mode data connections use this port range; a firewall in front of
# the server has to allow exactly this range.
PassivePorts 49152 65534
DisplayLogin welcome.msg
DisplayFirstChdir .message
AllowOverride off
TimeoutIdle 600
TimeoutNoTransfer 3600
TimeoutStalled 300
TimeoutSession 7200
# --------------------------------------------
# Session
# --------------------------------------------
# Confine every user to their own home directory (chroot).
DefaultRoot ~
# Reject any command whose argument matches this regex; the startup output
# shows it being compiled as a deny regex.
DenyFilter \*.*/
# "strict" makes these listing options override whatever the client sends;
# "+R" switches recursive listing off.
ListOptions "-An +R" strict
UseGlobbing off
ShowSymlinks on
TimesGMT on
# --------------------------------------------
# Up- & Download
# --------------------------------------------
AllowOverwrite on
AllowRetrieveRestart on
HiddenStores off
DeleteAbortedStores off
AllowStoreRestart on
# would otherwise conflict with "DeleteAbortedStores"
# --------------------------------------------
# Files & directories
# --------------------------------------------
# First value applies to files, second to directories: new files get at most
# mode 0660, new directories at most 0770.
Umask 0017 0007
### all <Directory> blocks go here
#------------------------------------------
# Directory directives
# xxx
#<Directory /weg/zum/speziellen/Verzeichnis1/Upload/>
#<Limit RETR DELE>
#AllowUser user1
#AllowUser user2
#DenyAll
#</Limit>
#</Directory>
# xxx
# Only vmuser may download (RETR) or delete (DELE) below this path; the rule
# does not cover other commands such as uploads.
<Directory /daten/VM-Maschinen/>
<Limit RETR DELE>
AllowUser vmuser
DenyAll
</Limit>
</Directory>
#<Directory /weg/zum/speziellen/Verzeichnis3/Upload/>
#<Limit RETR DELE>
#AllowUser user1
#DenyAll
#</Limit>
#</Directory>
#<Directory /weg/zum/speziellen/Verzeichnis4/Upload/>
#<Limit RETR DELE>
#AllowUser user1
#DenyAll
#</Limit>
#</Directory>
# --------------------------------------------
# Anonymous FTP (disabled)
# --------------------------------------------
# <Anonymous /home/ftp>
# User ftp
# Group ftpuser
# UserAlias anonymous ftp
#
# MaxClients 5 # fewer anonymous users than regular users
# MaxRetrieveFileSize 512 Mb # max. download size
#
# # limit the speed of uploads/downloads
# # to 255 K/sec.
# TransferRate APPE,RETR,STOR,STOU 255
#
# <Directory *>
# HideNoAccess on
# <Limit WRITE>
# DenyAll
# IgnoreHidden on
# </Limit>
# </Directory>
# </Anonymous>
# --------------------------------------------
# Logging
# --------------------------------------------
# NOTE(review): the run shown on this page used `proftpd -n -d6`; in that
# foreground mode the daemon prints its messages to the terminal, which would
# explain why the file below stayed empty. Confirm with a normal daemon start.
# Debug level 6 together with the ALL log is very verbose: keep
# /var/log/proftpd readable by administrators only and lower the level once
# troubleshooting is finished.
debugLevel 6
Serverlog /var/log/proftpd.debug.log
WtmpLog off
TransferLog /var/log/proftpd/xferlog
#Record all logins
ExtendedLog /var/log/proftpd/auth.log AUTH auth
# Logging file/dir access
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
# Paranoia logging level....
ExtendedLog /var/log/proftpd/paranoid.log ALL default
# for debugging: all modMySQL messages (huge volume of data!)
#SQLLogFile /var/log/proftpd/sql.log
</Global>
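# --------------------------------------------
# Default server
# --------------------------------------------
#DefaultAddress xx.xxx.xxx.xx
ServerName TestFTP
# NOTE(review): in the pasted text the address sat on its own line, fused with
# the following commented-out directive. It is rejoined here on the assumption
# that the real file has one directive per line (the daemon parsed it without
# error). Confirm against the file on disk.
ServerAdmin Administrator@feltengmbh.de
#MasqueradeAddress xxx.xxx.xxx
# TLS for the default server is disabled: while TLSEngine stays commented out,
# logins and transfers are sent unencrypted.
# NOTE(review): when enabling it, store the private key where only root can
# read it; a certificate directory is often world-readable.
#<IfModule mod_tls.c>
#TLSEngine on
#TLSRSACertificateFile /etc/ssl/certs/meinserver.tld.cert
#TLSRSACertificateKeyFile /etc/ssl/certs/meinserver.tld.key
#</IfModule>
# --------------------------------------------
# Virtual hosts (template, disabled)
# --------------------------------------------
#<VirtualHost 192.168.1.101>
#ServerName server2.meinserver.tld
# The ServerAdmin line was split in the paste as well; rejoined and kept
# commented out like the rest of the template.
#ServerAdmin hostmaster@meinserver.tld
#<IfModule mod_tls.c>
#TLSEngine on
#TLSRSACertificateFile /etc/ssl/certs/server2.meinserver.tld.cert
#TLSRSACertificateKeyFile /etc/ssl/certs/server2.meinserver.tld.key
#</IfModule>
#</VirtualHost>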
Was mache ich falsch?
Hat jemand eine Idee?
Danke für jede Hilfe
Stefan